Crypto-Gram Newsletter

If you are interested in computer security (which is probably true, as you are visiting this blog), I highly recommend that you subscribe to the Crypto-Gram newsletter. Crypto-Gram is a free monthly e-mail newsletter from security expert Bruce Schneier, with over 100,000 readers. In its seven years of regular publication, Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news.

Bruce Schneier, a well-known cryptographer, computer security expert, and writer, is the author of several books on computer security and cryptography, and is the founder and chief technology officer of Counterpane Internet Security. Before Counterpane, he worked at the United States Department of Defense and then Bell Labs.

Schneier’s Applied Cryptography is a popular and widely regarded reference work for cryptography. Schneier has designed or co-designed several cryptographic algorithms, including the Blowfish, Twofish and MacGuffin block ciphers, and the Yarrow and Fortuna cryptographically secure pseudo-random number generators. Solitaire is a cryptographic algorithm developed by Schneier for use by people without access to a computer, called Pontifex in Neal Stephenson’s novel Cryptonomicon.

However, Schneier now denounces his early success as a naive, mathematical, ivory tower view of what is inherently a people problem. Applied Cryptography rests on the premise that technology and algorithms can promise safety and secrecy. Schneier argues that the incontrovertible mathematical guarantees (i.e., regardless of others’ behavior in the system, as long as I follow the protocol, the protocol will guarantee my safety) are actually beside the point (i.e., my RSA encryption is not very useful when my employees are leaking the keys and the implementation runs on what Secrets & Lies describes as a “complex, unstable, buggy” computer). An actual security solution, though it of course includes technology, must also take into account the vagaries of hardware, software, networks, people, economics, and business. Schneier now refers people trying to implement actually secure systems to his new book with Niels Ferguson, Practical Cryptography.

Note: Parts of this text are based on the Wikipedia article about Bruce Schneier and on Schneier’s personal Web site, http://www.schneier.com/.